TeleSign announced the launch of Behavior ID, a new solution that enables web and mobile applications to measure and analyze an individual’s behavioral biometrics to provide continuous authentication, even after the user has been verified with traditional security methods such as passwords.

TeleSign Behavior ID provides an extra, transparent security layer for every type of consumer online account to protect users from fraud. The solution runs seamlessly in the background and without the need for user interaction.

Other key features of Behavior ID include measurable behavioral patterns, continuous authentication and account protection, transparent enrollment, full compatibility with all of TeleSign’s current verification and data / analytics products, and detailed usage monitoring.

TeleSign is now offering Behavior ID software development kits (SDK) for web and mobile applications on an international basis, which can be easily embedded into new or existing web and mobile app-based platforms.

BiometricUpdate.com had the opportunity to talk to Sergi Isasi, director of product management at TeleSign, who discussed the Behavior ID solution, its key features, and what makes behavioral biometrics such a strong authentication method.

How does TeleSign Behavior ID work?

Sergi Isasi: TeleSign Behavior ID is a new offering that uses behavioral biometrics as an additional layer of security to provide seamless and continuous user authentication. It works by collecting and evaluating a mix of user behaviors – including keystrokes, mouse dynamics, graphical user interface and advanced behavioral algorithms – to establish a user’s profile and keep it secure. It then provides a “similarity score” based on these set of behavioral traits that are collected, analyzed and rated along the user journey to calculate a similarity ratio between the user’s current behavior and the historical, expected behavior to prevent fraudulent users from taking over accounts.

Can you explain some of the solution’s key features?

TeleSign Behavior ID works in three phases. First, it collects data on a user by evaluating their behavioral patterns across a range of touchpoints from how a user types on the keyboard, how they hold their device, how hard they press a device screen, etc. Second, it compares that data against a user’s normal usage patterns and attaches this statistical data to any transaction. Finally, it uses server-side analysis to provide a “similarity score” for that user’s actions that a platform can use to decide if they want to welcome, flag or challenge (via 2FA over SMS or Voice for instance) that user.

What makes behavioral biometrics such a strong authentication method?

Behavioral biometrics add an additional layer of account security assurance without adding any friction to the end-user. It is also universal and can be used with any type of user on any type of device, without requiring them to take action to initiate the security as opposed to static biometrics which require users to share their fingerprint, a scan of their retina, etc. Finally, it is nearly impossible to imitate a user’s behavioral patterns and due to the continuous authentication, behavioral biometrics get stronger every time a user interacts with the mobile app or web-based platform.

Why has behavioral biometrics not been as widely adopted as some other popular biometric modalities (fingerprint, facial, voice)?

Behavioral biometrics are still relatively new as compared to other static biometrics like fingerprint, voice or facial recognition. However, as issues have arisen with these types of modalities (which can often be stolen, reused and duplicated), behavioral biometrics are starting to show their strength as an additional, frictionless layer of security. Market projections support this strength as well, with one analyst (Radiant Insights) projecting the biometrics industry as a whole to grow 600% over a seven year period, ending at roughly $44 billion in 2021.

What are some of the key applications of this solution?

TeleSign Behavior ID can be used to help secure accounts with any consumer-facing website, mobile application, bank, or ecommerce platform, but it is especially effective at stopping account takeovers, even when a fraudster has access to a user’s account credentials including their username and password. It can be used to authenticate users across their entire journey with a platform, from account login to payment transaction and more.